AstraSync

checked 1 day ago

AstraSync issues verifiable identity credentials and trust scores for AI agents through its Know Your Agent platform.

Identity and trustLive

Agents get an ASTRA-ID, a portable agent card, and a dynamic trust score, registered and verified through the Know Your Agent API and SDKs.

Credential type
ASTRA-ID agent card (ERC-8004-based), with support for mapping external DID, Verifiable Credential, SD-JWT, and X.509 credentials to the ASTRA-ID as primary anchor
Who accepts it
A2A (Agent2Agent) counterparties, MCP endpoints, Commerce protocol integrators declaring ACP, AP2, UCP, VI, Agent Pay, x402, or TAP support
Delegation model
Agent cards declare a PDLSS permission envelope (Purpose, Duration, Limits, Scope, Self-instantiation) set immutably at registration
Revocation
No active revocation endpoint documented; lifecycle control is via deactivation, which moves an agent to a deactivated state while preserving audit history
Reputation model
Trust score from 0 to 100, computed at runtime from metadata completeness, KYD verification status, observed runtime behavior, and blockchain-recorded verification events
Integration
API, SDK
Pricing
Free tier includes 100 verifications per month. Paid tiers are Developer at $9 per month, Developer Plus at $99 per month, Business at $299 per month, and custom Enterprise pricing.

Gotchas

  • API-key registrations require a verified Know Your Developer (KYD) profile; without one, registration returns 403 KYD_REQUIRED and falls back to an asynchronous owner-approval flow.
  • Permission boundaries (PDLSS) are set at registration and are immutable afterward; changing them requires retiring the agent and registering a new one.
  • An agent cannot read its own permissions via the API; GET on its own record returns 403, by design.